Vulnerability Information
Vulnerability Title
CSRF due to overly permissive CORS headers in modelscope/agentscope
Vulnerability Description
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all backend endpoints, including the `api/file` endpoint, enabling the reading of arbitrary files on the target's local file system through CSRF.
CVSS Information
N/A
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
AgentScope Cross-Site Request Forgery Vulnerability
Vulnerability Description
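AgentScope is an open-source application from ModelScope for building LLM-based multi-agent applications more easily. AgentScope contains a cross-site request forgery vulnerability. It stems from an overly permissive CORS header configuration in the AgentScope Studio backend server, which allows cross-site request forgery: an attacker can access all backend endpoints and read arbitrary files on the target's local file system.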
CVSS Information
N/A
Vulnerability Type
N/A